<?php
/*
 * [JINYUN!] (C)2001-2099 Jinyunweb.com
 * This is NOT a freeware, use is subject to license terms
 * $Id: 2017-12-13 03:39:35 apple $
*/
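// Flag constant set before the framework core is loaded; how the core uses it
// is not visible in this file.
define('JY_API',true);
// Allow-list of values accepted for the `this` query parameter.
$thises=array('custom','manage');
// Reject any supplied `this` that is not exactly one of the allow-listed
// strings. isset() avoids the undefined-index notice when the parameter is
// absent, and the strict flag makes in_array() compare by type and value so an
// array-valued or otherwise non-string parameter can never match by coercion.
if(isset($_GET['this']) && $_GET['this'] && !in_array($_GET['this'],$thises,true)){
	exit('bad error');
}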
// Load the framework core.
// NOTE(review): $_RQ, exi() and check_permission() are not defined in this
// file - presumably core.php provides them and starts the session; confirm.
require_once './core/core.php';

// Gate for sessions that carry no token. Both messages below read
// "session expired, please re-enter".
if (!$_SESSION['token']) {
	if ($_SESSION['this'] == 'manage' && !check_permission($_RQ['plugin'], $_RQ['action'], $_RQ['op'])) {
		// Manage session for which check_permission() returned a falsy value:
		// report the error with the login URL as third argument.
		exi('会话过期，请重新进入！', 'error', './index.php?core/user.login/');
	} elseif (!($_SESSION['container'] == 'wechat' || $_SESSION['os'] == 'windows' || $_SESSION['container'] == 'mobile')) {
		// Any other token-less session outside the three exempted environments.
		exi('会话过期，请重新进入！', 'error', 'reload', '', '', '', true);
	}
	// NOTE(review): a token-less session whose container is 'wechat' or
	// 'mobile', or whose os is 'windows', falls through this gate without an
	// error. Confirm where those session values are set and that a client
	// cannot choose them, otherwise this exemption weakens the gate.
}

// A session without a `this` value cannot be routed.
// NOTE(review): every gate here relies on exi() ending the request; if it can
// return, execution continues past the failed check - confirm.
if (!$_SESSION['this']) {
	exi('bad error', 'error');
}
// Compatibility entry point for plugins: a request whose action is 'module'
// is handed to the open_jyapi script and the request ends there.
// NOTE(review): this branch finishes before the action/plugin format checks,
// the POST token check and the permission checks further down this file, so
// the only condition tested here is that the session has a uid. The included
// script has to enforce its own authorization and request-forgery protection;
// confirm that it does.
if($_RQ['action']=='module'){
	// Message text: "please log in first".
	// NOTE(review): if exi() can return instead of ending the request, the
	// require below still runs for a session without a uid - confirm.
	if(!$_SESSION['uid']){
		exi('请先登陆！','error','','./index.php?a=user.login');
	}
	require ROOT_D.'/api/open_jyapi/index.php';
	exit;
}
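// Validate `action`: it is required and may contain only word characters and
// dots.
if(!$_RQ['action']){
	exit('error action:none');
}
// preg_match() yields no match for a non-string subject (a falsy result with a
// warning on older PHP, a TypeError on PHP 8), so an array-valued parameter
// must be rejected explicitly or it would slip past the pattern check.
if(!is_string($_RQ['action']) || preg_match('/[^\w\.]/',$_RQ['action'])){
	// The rejected value is request-controlled and is echoed into the response,
	// so it is HTML-escaped first; a non-string value is not echoed at all.
	exit('error action:wrong'.(is_string($_RQ['action'])?htmlspecialchars($_RQ['action'],ENT_QUOTES,'UTF-8'):''));
}
// Validate `plugin`: it is required and may contain only word characters.
if(!$_RQ['plugin']){
	exit('error plugin');
}
if(!is_string($_RQ['plugin']) || preg_match('/\W/',$_RQ['plugin'])){
	exit('error plugin:wrong');
}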
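// Verify the anti-forgery token. Only POST requests are checked (the POST
// constant is defined outside this file), so any state-changing handler that
// can be reached with GET is not covered by this token.
//
// The request token must be a non-empty string and must equal the session
// token. hash_equals() (PHP 5.6+) replaces the loose `!=` comparison: it
// compares the two strings byte for byte in constant time, whereas `!=`
// treats numeric-looking strings as numbers and can accept values that are
// not identical.
if(POST && (
	!$_RQ['token']
	|| !is_string($_RQ['token'])
	|| !is_scalar($_SESSION['token'])
	|| !hash_equals((string)$_SESSION['token'],$_RQ['token'])
)){
	// NOTE(review): POSTs to plugin 'core', action 'tools.file' are let through
	// without a valid token. That handler needs its own request-forgery
	// defence; confirm that it has one.
	if($_RQ['plugin']!='core' || $_RQ['action']!='tools.file'){
		// Message text: "token timed out, please re-enter".
		exi('token 超时，请重新进入！','error','reload','','','',true);
	}
}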

// Permission check for `manage` sessions. Original author's description of
// check_permission(): if the permission set does not contain this permission
// the request is let through; if it does, the user's own permission set must
// contain it, otherwise access is refused.
// NOTE(review): check_permission(), pdo_getcolumn(), cache_read() and exi()
// are defined outside this file; the comments below describe only how their
// results are used here.
if ($_SESSION['this'] == 'manage' && !check_permission($_RQ['plugin'], $_RQ['action'], $_RQ['op'])) {
	if ($_SESSION['uid']) {
		// Logged-in user without the permission: first distinguish "plugin not
		// installed" from "permission not granted".
		if ($_RQ['plugin'] && $_RQ['plugin'] != 'core' && $_RQ['plugin'] != 'undefined') {
			$check = pdo_getcolumn('core_plugins', array('name' => $_RQ['plugin']), 'id');
			if (!$check) {
				// Look up a display title in the cached plugin list, falling
				// back to the plugin name from the request.
				// NOTE(review): the title comes from cached data and is placed
				// in the message unescaped; confirm that exi() encodes its
				// message for the output context.
				$allplugins = json_decode(cache_read('cloud_getallplugins'), true);
				$plugintitle = $allplugins[$_RQ['plugin']]['title'] ?: $_RQ['plugin'];
				// Message text: "the plugin «title» is not installed, please
				// contact the administrator".
				exi('未安装相关插件《'.$plugintitle.'》，请联系管理员！', 'error');
			}
		}
		// NOTE(review): action 'basic.module_home' is exempt, so a request for
		// it continues even though check_permission() refused it - confirm
		// this is intended.
		if ($_RQ['action'] != 'basic.module_home') {
			// Message text: "no access, ask the administrator to grant the
			// permission".
			exi('无权访问，请管理员帮你开通相关权限！', 'error');
		}
	} else {
		// No uid in the session. Message text: "no access, please log in first".
		exi('无权访问，请先登陆！', 'error', './index.php?p=core&a=user.login');
	}
}
// Checks for `custom` sessions: the requested plugin must be installed, then
// check_account_permission() is called for it.
if($_SESSION['this']=='custom'){
	if($_RQ['plugin'] && $_RQ['plugin']!='core'){
		// A falsy id from the core_plugins lookup is treated as "not installed".
		$check=pdo_getcolumn('core_plugins',array('name'=>$_RQ['plugin']),'id');
		if(!$check){
			// Look up a display title in the cached plugin list, falling back to
			// the plugin name from the request.
			// NOTE(review): the title comes from cached data and is placed in the
			// message unescaped; confirm that exi() encodes its message.
			$allplugins = cache_read('cloud_getallplugins');
			$allplugins=json_decode($allplugins,true);
			$plugintitle=$allplugins[$_RQ['plugin']]['title']?:$_RQ['plugin'];
			// Message text: "the plugin «title» is not installed, please contact
			// the administrator".
			exi('未安装相关插件《'.$plugintitle.'》，请联系管理员！','error');
		}
	}
	// NOTE(review): the result of check_account_permission() is not acted on.
	// The denial below is commented out, so a `custom` session for which the
	// check fails continues exactly like one for which it succeeds. Either
	// restore the denial or remove the call and record why account-level
	// permission is not enforced at this entry point.
	if(!check_account_permission($_RQ['plugin'])){
		//exi('无权访问！','error');
	}
}
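// Build access_json and keep it for later use: "plugin/action/op/" followed by
// the query string that remains after the routing and control parameters are
// removed.
$get=$_GET;
unset($get['plugin'],$get['action'],$get['op'],$get['this'],$get['token'],$get['nosession'],$get['is_access']);
// Always assign $query. Previously it was set only when extra parameters were
// present, so the concatenation below read an undefined variable (or whatever
// an earlier include had left in a global of that name) when there were none.
$query=$get?http_build_query($get):'';
// NOTE(review): `op` is not format-checked anywhere in this file, unlike
// `plugin` and `action`, and the remaining query string is request-controlled.
// Whatever consumes access_json should treat the whole value as untrusted.
$_AR['access_json']="{$_RQ['plugin']}/{$_RQ['action']}/{$_RQ['op']}/".$query;
// When the plugin has an access setting and the request carries is_access,
// exi() is called with the 'reload' argument; get_access_setting() and exi()
// are defined outside this file.
if(get_access_setting($_RQ['plugin']) && $_RQ['is_access']){
	exi('','','reload');
}

// Hand the validated plugin and action to the dispatcher (defined elsewhere).
access(array('plugin'=>$_RQ['plugin'],'action'=>$_RQ['action']));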